前言
- 官方的教程很不错,但是还是有一些缺陷,作者从实践的方式出发,给大家带来有用的知识!
armbian安装防火墙
-
更新软件包
sudo apt update -
安装 ufw
sudo apt install ufw- 操作结果:
root@armbian:~# sudo apt install ufw Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: ufw 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 167 kB of archives. After this operation, 857 kB of additional disk space will be used. Get:1 https://mirrors.tuna.tsinghua.edu.cn/debian bullseye/main arm64 ufw all 0.36-7.1 [167 kB] Fetched 167 kB in 0s (335 kB/s) Preconfiguring packages ... Selecting previously unselected package ufw. (Reading database ... 35412 files and directories currently installed.) Preparing to unpack .../archives/ufw_0.36-7.1_all.deb ... Unpacking ufw (0.36-7.1) ... Setting up ufw (0.36-7.1) ... Creating config file /etc/ufw/before.rules with new version Creating config file /etc/ufw/before6.rules with new version Creating config file /etc/ufw/after.rules with new version Creating config file /etc/ufw/after6.rules with new version Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service. Processing triggers for rsyslog (8.2102.0-2+deb11u1) ... Processing triggers for man-db (2.9.4-2) ... -
启动 ufw
# 默认情况下,它将允许常见的服务端口(如 SSH、HTTP、HTTPS)通过,而其他所有端口将被拒绝 sudo ufw enableroot@armbian:~# sudo ufw enable WARN: uid is 0 but '/etc/default' is owned by 1001 WARN: uid is 0 but '/etc' is owned by 1001 WARN: uid is 0 but '/usr/sbin' is owned by 1001 WARN: uid is 0 but '/usr' is owned by 1001 Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup- 虽然,出现了警告信息,但是没关系,之后解决它
-
检测防火墙状态
root@armbian:~# sudo ufw status WARN: uid is 0 but '/etc/default' is owned by 1001 WARN: uid is 0 but '/etc' is owned by 1001 WARN: uid is 0 but '/usr/sbin' is owned by 1001 WARN: uid is 0 but '/usr' is owned by 1001 Status: active
- 进行到这里,如果你按照1panel官方教程的话,你会发现1panel的面板与服务器的连接,已经由于防火墙的存在断开,你又如何按照官方的教程点击面板上的开关按钮呢!
- 检查防火墙状态(补充:可跳过)
sudo iptables -L
原因分析
由于1panel默认安装时,访问的端口是任意生成的,所以无法通过默认开启的http80端口和https433端口进行访问,所以我们需要查看1panel的端口,然后开放端口的相应的端口。
解决方案
第一步:查看1panel的面板入口端口
1pctl user-info
- 例如:(这里作者之前进行的端口的修改)
- 参看 Armbian安装1panel教程
root@armbian:~# 1pctl user-info
username: root
password: xxxx
port: 1234
ssl: disable
entrance: xxxx
第二步:打开指定端口的访问权限
- 端口号就是第一步查看的
port值sudo ufw allow <端口号>- 例如
root@armbian:~# sudo ufw allow 1234
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Rule added
Rule added (v6)
第三步:重启防火墙
- 激活防火墙,并根据您之前添加的规则来配置防火墙
sudo ufw enable- 例如:
root@armbian:~# sudo ufw enable WARN: uid is 0 but '/etc/default' is owned by 1001 WARN: uid is 0 but '/etc' is owned by 1001 WARN: uid is 0 but '/usr/sbin' is owned by 1001 WARN: uid is 0 but '/usr' is owned by 1001 Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup
第四步骤:查看防火墙状态【可略】
- 确保防火墙已启用并且包含允许访问1Panel面板的端口规则
sudo ufw status- 例如:
root@armbian:~# sudo ufw status WARN: uid is 0 but '/etc/default' is owned by 1001 WARN: uid is 0 but '/etc' is owned by 1001 WARN: uid is 0 but '/usr/sbin' is owned by 1001 WARN: uid is 0 but '/usr' is owned by 1001 Status: active To Action From -- ------ ---- 1234 ALLOW Anywhere 1234 (v6) ALLOW Anywhere (v6) - 至此,你已经解决了问题,请访问第一步查出的1panel的面板入口重新登录,查看防火墙
